summaryrefslogtreecommitdiff
path: root/sshconnect.c
diff options
context:
space:
mode:
authorBen Lindstrom <mouring@eviladmin.org>2000-12-22 01:43:59 +0000
committerBen Lindstrom <mouring@eviladmin.org>2000-12-22 01:43:59 +0000
commit46c162204b5a6f7471525c2f75cb2c607c88b83f (patch)
tree9041b006ab612c18bdb16b606601839a00ca5b2c /sshconnect.c
parenta074feb65d6f1fcad02e80b751e2287fd6230b09 (diff)
One way to massive patch. <sigh> It compiles and works under Linux..
And I think I have all the bits right from the OpenBSD tree. 20001222 - Updated RCSID for pty.c - (bal) OpenBSD CVS Updates: - markus@cvs.openbsd.org 2000/12/21 15:10:16 [auth-rh-rsa.c hostfile.c hostfile.h sshconnect.c] print keyfile:line for changed hostkeys, for deraadt@, ok deraadt@ - markus@cvs.openbsd.org 2000/12/20 19:26:56 [authfile.c] allow ssh -i userkey for root - markus@cvs.openbsd.org 2000/12/20 19:37:21 [authfd.c authfd.h kex.c sshconnect2.c sshd.c uidswap.c uidswap.h] fix prototypes; from stevesk@pobox.com - markus@cvs.openbsd.org 2000/12/20 19:32:08 [sshd.c] init pointer to NULL; report from Jan.Ivan@cern.ch - markus@cvs.openbsd.org 2000/12/19 23:17:54 [auth-krb4.c auth-options.c auth-options.h auth-rhosts.c auth-rsa.c auth1.c auth2-skey.c auth2.c authfd.c authfd.h authfile.c bufaux.c bufaux.h buffer.c canohost.c channels.c clientloop.c compress.c crc32.c deattack.c getput.h hmac.c hmac.h hostfile.c kex.c kex.h key.c key.h log.c login.c match.c match.h mpaux.c mpaux.h packet.c packet.h radix.c readconf.c rsa.c scp.c servconf.c servconf.h serverloop.c session.c sftp-server.c ssh-agent.c ssh-dss.c ssh-dss.h ssh-keygen.c ssh-keyscan.c ssh-rsa.c ssh-rsa.h ssh.c ssh.h uuencode.c uuencode.h sshconnect1.c sshconnect2.c sshd.c tildexpand.c] replace 'unsigned bla' with 'u_bla' everywhere. also replace 'char unsigned' with u_char.
Diffstat (limited to 'sshconnect.c')
-rw-r--r--sshconnect.c50
1 files changed, 36 insertions, 14 deletions
diff --git a/sshconnect.c b/sshconnect.c
index b54e75a8..647aec79 100644
--- a/sshconnect.c
+++ b/sshconnect.c
@@ -13,7 +13,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: sshconnect.c,v 1.83 2000/11/30 22:53:35 markus Exp $");
+RCSID("$OpenBSD: sshconnect.c,v 1.85 2000/12/21 15:10:17 markus Exp $");
#include <openssl/bn.h>
#include <openssl/dsa.h>
@@ -472,6 +472,8 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
int local = 0, host_ip_differ = 0;
int salen;
char ntop[NI_MAXHOST];
+ int host_line = -1, ip_line = -1;
+ const char *host_file = NULL, *ip_file = NULL;
/*
* Force accepting of the host key for loopback/localhost. The
@@ -508,11 +510,17 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
if (options.proxy_command != NULL && options.check_host_ip)
options.check_host_ip = 0;
- if (getnameinfo(hostaddr, salen, ntop, sizeof(ntop),
- NULL, 0, NI_NUMERICHOST) != 0)
- fatal("check_host_key: getnameinfo failed");
- ip = xstrdup(ntop);
-
+
+
+ if (options.proxy_command == NULL) {
+ if (getnameinfo(hostaddr, salen, ntop, sizeof(ntop),
+ NULL, 0, NI_NUMERICHOST) != 0)
+ fatal("check_host_key: getnameinfo failed");
+ ip = xstrdup(ntop);
+ } else {
+ ip = xstrdup("<no hostip for proxy command>");
+ }
+
/*
* Store the host key from the known host file in here so that we can
* compare it with the key for the IP address.
@@ -523,19 +531,25 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
* Check if the host key is present in the user\'s list of known
* hosts or in the systemwide list.
*/
- host_status = check_host_in_hostfile(user_hostfile, host, host_key, file_key);
- if (host_status == HOST_NEW)
- host_status = check_host_in_hostfile(system_hostfile, host, host_key, file_key);
+ host_file = user_hostfile;
+ host_status = check_host_in_hostfile(host_file, host, host_key, file_key, &host_line);
+ if (host_status == HOST_NEW) {
+ host_file = system_hostfile;
+ host_status = check_host_in_hostfile(host_file, host, host_key, file_key, &host_line);
+ }
/*
* Also perform check for the ip address, skip the check if we are
* localhost or the hostname was an ip address to begin with
*/
if (options.check_host_ip && !local && strcmp(host, ip)) {
Key *ip_key = key_new(host_key->type);
- ip_status = check_host_in_hostfile(user_hostfile, ip, host_key, ip_key);
- if (ip_status == HOST_NEW)
- ip_status = check_host_in_hostfile(system_hostfile, ip, host_key, ip_key);
+ ip_file = user_hostfile;
+ ip_status = check_host_in_hostfile(ip_file, ip, host_key, ip_key, &ip_line);
+ if (ip_status == HOST_NEW) {
+ ip_file = system_hostfile;
+ ip_status = check_host_in_hostfile(ip_file, ip, host_key, ip_key, &ip_line);
+ }
if (host_status == HOST_CHANGED &&
(ip_status != HOST_CHANGED || !key_equal(ip_key, file_key)))
host_ip_differ = 1;
@@ -551,6 +565,7 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
/* The host is known and the key matches. */
debug("Host '%.200s' is known and matches the %s host key.",
host, type);
+ debug("Found key in %s:%d", host_file, host_line);
if (options.check_host_ip) {
if (ip_status == HOST_NEW) {
if (!add_host_to_hostfile(user_hostfile, ip, host_key))
@@ -559,9 +574,13 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
else
log("Warning: Permanently added the %s host key for IP address '%.30s' to the list of known hosts.",
type, ip);
- } else if (ip_status != HOST_OK)
+ } else if (ip_status != HOST_OK) {
log("Warning: the %s host key for '%.200s' differs from the key for the IP address '%.30s'",
type, host, ip);
+ log("Found key in %s:%d", host_file, host_line);
+ if (ip_line != -1)
+ log("Offending key for IP in %s:%d", ip_file, ip_line);
+ }
}
break;
case HOST_NEW:
@@ -612,7 +631,9 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
error("and the key for the according IP address %s", ip);
error("%s. This could either mean that", msg);
error("DNS SPOOFING is happening or the IP address for the host");
- error("and its host key have changed at the same time");
+ error("and its host key have changed at the same time.");
+ if (ip_line != -1)
+ error("Offending key for IP in %s:%d", ip_file, ip_line);
}
/* The host key has changed. */
error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
@@ -624,6 +645,7 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
error("Please contact your system administrator.");
error("Add correct host key in %.100s to get rid of this message.",
user_hostfile);
+ error("Offending key in %s:%d", host_file, host_line);
/*
* If strict host key checking is in use, the user will have